Life notes and ideas from a security pro who lives in the mountains and does a lot of cycling, skiing, dirt biking, writing, coding, and thinking. Twitter @k3strel

Friday, January 17, 2014

Cybercrimes of Passion

Not all cybercrimes fit in to the Criminal Behavior Cost-Benefit Model. Some just don't make sense.

On June 13, 2008, Terry Childs, a network administrator
for the City of San Francisco, was arrested for not providing administrative
passwords for the City’s Fiber Wan network infrastructure after being
disciplined at work. For eight days San Francisco had no system level access to
the infrastructure responsible for carrying 60% of its network traffic. The
access was restored only after Terry told the Mayor of San Francisco the
passwords to the systems during a private meeting in the prison where he was
incarcerated.[1]

The cost-benefit formula assumes a rational thinker. Not
the case here.

Monetary Benefit (Mb) – Nil.

Psychological Benefit (Pb) – High
(short term). Once the court records are made public, I suspect we’ll learn
that Terry, a CCIE, had a long-time poor relationship with the management staff
and that he didn’t feel that anyone but he should have admin access to the
network.

Cost of Crime Perpetration (Ocp) –
Low. He already had admin access to the network infrastructure.

Cost of Legal Defense and Incarceration – Very
high. Prosecution and incarceration were imminent – all facts attributed the
crime directly to Terry.

The
‘irrationals’ represent a very small portion of the system hacks, but they are
out there and they are very bothersome. Perhaps the people that scare us the
most are the ones that we can’t explain.